...

In Struts 2.5 the Strict DMI was extended and is now called "Strict Method Invocation", aka SMI. You can think of DMI as the "border police", while SMI is the "tax police" that keeps an eye on internals. With this version, SMI is enabled by default (the strict-method-invocation attribute is set to true by default in the struts-default package). You can disable it per package, but there is no global switch to disable SMI for the whole application. To take advantage of the new configuration option, please use the latest DTD definition:

...

  • <allowed-methods> / @AllowedMethods is defined per action - SMI works without switching it on but just for those actions (plus adding <global-allowed-methods/>)
  • SMI is enabled but no <allowed-methods> / @AllowedMethods are defined - SMI works but only with <global-allowed-methods/>
  • SMI is disabled - call to any action method is allowed that matches the default RegEx - ([A-Za-z0-9_$]*)

Note

When using wildcard mapping in actions' definitions SMI works in two ways:

  • SMI is disabled - any wildcard will be substituted with the default RegEx, i.e. <action name="Person*" method="perform*"> will be translated into allowedMethod = "regex:perform([A-Za-z0-9_$]*)".
  • SMI is enabled - no wildcard substitution will happen, you must strictly define which methods can be accessed by annotations or the <allowed-methods/> tag.

You can configure SMI per <action/> using the <allowed-methods/> tag or via the @AllowedMethods annotation, plus per <package/> using <global-allowed-methods/>, see the examples below:

...
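
The following struts.xml is an added example, not taken from the original page or the Struts project. It puts the wildcard mapping from the Note in a package with SMI disabled beside the same mapping in a package with SMI enabled. The package names, namespaces, the class com.example.PersonAction, its method names and the JSP path are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
    "http://struts.apache.org/dtds/struts-2.5.dtd">
<struts>

  <!-- Weak: SMI switched off for this package only. The wildcard in
       method="perform*" is substituted with the default RegEx, giving
       allowedMethod = "regex:perform([A-Za-z0-9_$]*)", so any method
       name matching that pattern is allowed. -->
  <package name="legacy" namespace="/legacy" extends="struts-default"
           strict-method-invocation="false">
    <action name="Person*" method="perform*"
            class="com.example.PersonAction"> <!-- hypothetical class -->
      <result>/person.jsp</result>
    </action>
  </package>

  <!-- Strict: SMI on (the default, written out here for clarity).
       No wildcard substitution happens, so the callable methods are
       exactly the ones listed for the action plus the package-wide
       global list. A name that is not listed, such as a hypothetical
       performDelete, is not allowed. -->
  <package name="strict" namespace="/strict" extends="struts-default"
           strict-method-invocation="true">
    <global-allowed-methods>execute,input</global-allowed-methods>
    <action name="Person*" method="perform*"
            class="com.example.PersonAction">
      <result>/person.jsp</result>
      <allowed-methods>performList,performEdit</allowed-methods>
    </action>
  </package>

</struts>
```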